Supporting the context establishment according to ISO 27005 using patterns
The documentation of an information and communication system according to the requirements of the ISO 27005 standard is difficult, because the standard only provides sparse descriptions. We propose the use of specific patterns for the ISO 27005 standard, which can be instantiated for any given information and communication system. Each of our pattern will cover a section of the standard. In this paper we present one pattern for Section 7 of the standard, the context establishment. This is one of the initial steps of the standards and it is the input for following steps, e.g., the asset identification.
Full Text: PDF